package com.authentications.oauth2.auc;

import com.authentications.oauth2.auc.handler.*;
import com.authentications.oauth2.info.Oauth2Value;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.util.StringUtils;

/**
 * @ClassName ResourceServerConfigurer
 * @Author xiezhuocai
 * @Description TODO
 * @Date 2021/12/18 15:17
 */
//@Configuration
@EnableResourceServer
public class Oauth2ResourceServerConfigurer extends ResourceServerConfigurerAdapter {

    private Oauth2Value oauth2Value;

    private static final String RESOURCE_ID = "res1";//默认

    public Oauth2ResourceServerConfigurer(Oauth2Value oauth2Value){
        this.oauth2Value = oauth2Value;
    }

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private Oauth2BearerTokenExtractor bearerTokenExtractor;


    @Override
    public void configure(HttpSecurity http) throws Exception {
        setAccess(http);
        http.authorizeRequests()
            .and().csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//基于token不用session
    }

    public void setAccess(HttpSecurity http) throws Exception {
        if (StringUtils.isEmpty(oauth2Value.getAccess())) {
            http.authorizeRequests()
                    .antMatchers("/**").access("#oauth2.hasScope('ROLE_API')");//所有请求校验令牌scopes是不是ROLE_API
        } else {
            if (oauth2Value.getAccess().indexOf("#") == -1) {
                oauth2Value.setAccess("#"+oauth2Value.getAccess());
            }
            http.authorizeRequests()
                    .antMatchers("/**").access(oauth2Value.getAccess());
        }
    }


    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        setResource(resources);
        resources.tokenStore(tokenStore)
 //               .tokenServices(tokenServices())//验证令牌的服务
                .tokenExtractor(bearerTokenExtractor)
                .stateless(true);
    }

    public void setResource(ResourceServerSecurityConfigurer resources) {
        if (StringUtils.isEmpty(oauth2Value.getResourceIds())){
            resources.resourceId(RESOURCE_ID);
        } else {
            resources.resourceId(oauth2Value.getResourceIds());
        }
    }

    //远程验证token
    //测试地址:http://localhost:4041/oauth/check_token?token=3dd016de-f839-4762-b7a0-14c1f8195e12
   /* @Bean
    public ResourceServerTokenServices tokenServices(){
        RemoteTokenServices services = new RemoteTokenServices();
        services.setCheckTokenEndpointUrl("http://localhost:4041/oauth/check_token");
        services.setClientId("c1");
        services.setClientSecret("secret");
        return services;
    }*/

}
